EDR: The Remote Web Server Does Not Utilize A Content Security Policy Frame-Response Header - Is This A Vulnerability?

Environment

  • EDR Server: All Supported Versions

Question

A Nessus vulnerability scan reports that the EDR web server does not utilize a Content Security Policy frame-response header. Is this a true vulnerability?

Answer

This is not a vulnerability: the EDR web application serves the X-Frame-Options HTTP header. X-Frame-Options is the older way of accomplishing the same result as the CSP header, and it is the one that older browser versions support.
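To check a finding like this against the headers a server actually returns, the added example below (not part of the original article or of the EDR product) classifies a response's anti-framing protection. It assumes the CSP directive in question is `frame-ancestors`, the directive that controls framing; the function names, verdict strings and sample headers are hypothetical and constructed for illustration.

```python
# Added example: classify a response's anti-framing protection from its headers.
# Header values in SAMPLES are constructed, not captured from an EDR server.

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header value, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_protection(headers):
    """headers: list of (name, value) pairs. Returns 'csp', 'xfo-only',
    'permissive-csp' or 'none' (hypothetical verdict names)."""
    xfo = {part.strip().upper()
           for name, value in headers if name.lower() == "x-frame-options"
           for part in value.split(",")}
    policies = [frame_ancestors(value)
                for name, value in headers
                if name.lower() == "content-security-policy"]
    policies = [p for p in policies if p is not None]

    if policies:
        # Browsers that honour frame-ancestors ignore X-Frame-Options, and
        # every delivered policy is enforced, so one restrictive list suffices.
        wide = {"*", "http:", "https:"}
        if any(not wide.intersection(p) for p in policies):
            return "csp"
        return "permissive-csp"
    # ALLOW-FROM is obsolete and ignored by current browsers, so only
    # DENY and SAMEORIGIN count as protection here.
    if xfo & {"DENY", "SAMEORIGIN"}:
        return "xfo-only"
    return "none"

SAMPLES = {
    "legacy header only": [("X-Frame-Options", "SAMEORIGIN")],
    "both headers": [("X-Frame-Options", "DENY"),
                     ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "wildcard CSP": [("X-Frame-Options", "DENY"),
                     ("Content-Security-Policy", "frame-ancestors *")],
    "CSP without frame-ancestors": [("Content-Security-Policy", "default-src 'self'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {framing_protection(hdrs)}")
```

The `xfo-only` verdict corresponds to the situation this article describes: the scanner flags the missing CSP header while X-Frame-Options still restricts framing.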

Article Information

Creation Date: 11-17-2021